[PATCH] nvme-auth: Avoid C=1 warning in nvme_auth_derive_tls_psk()

[PATCH] nvme-auth: Avoid C=1 warning in nvme_auth_derive_tls_psk()

[Eric Biggers]

The following works fine with gcc and clang, but sparse warns about
label_len not being an actual constant expression:

    const size_t label_len = sizeof(label) - 1;
    ...
    static_assert(label_len <= 255);

Avoid this by giving label an explicit length and using sizeof(label)
instead of label_len.

Reported-by: John Garry <john.g.garry@oracle.com>
Closes: https://lore.kernel.org/linux-nvme/965a37dd-f698-46b6-9623-1099a13f7e60@oracle.com
Fixes: d126cbaa7d9a ("nvme-auth: common: use crypto library in nvme_auth_derive_tls_psk()")
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
---
 drivers/nvme/common/auth.c | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/drivers/nvme/common/auth.c b/drivers/nvme/common/auth.c
index 77f1d22512f8..e2e0c736540a 100644
--- a/drivers/nvme/common/auth.c
+++ b/drivers/nvme/common/auth.c
@@ -690,12 +690,11 @@ EXPORT_SYMBOL_GPL(nvme_auth_generate_digest);
  */
 int nvme_auth_derive_tls_psk(int hmac_id, const u8 *psk, size_t psk_len,
 			     const char *psk_digest, u8 **ret_psk)
 {
 	static const u8 default_salt[NVME_AUTH_MAX_DIGEST_SIZE];
-	static const char label[] = "tls13 nvme-tls-psk";
-	const size_t label_len = sizeof(label) - 1;
+	static const char label[18] = "tls13 nvme-tls-psk";
 	u8 prk[NVME_AUTH_MAX_DIGEST_SIZE];
 	size_t hash_len, ctx_len;
 	u8 *hmac_data = NULL, *tls_key;
 	size_t i;
 	int ret;
@@ -727,11 +726,11 @@ int nvme_auth_derive_tls_psk(int hmac_id, const u8 *psk, size_t psk_len,
 	 * HKDF-Expand-Label (RFC 8446 section 7.1), with output length equal to
 	 * the hash length (so only a single HMAC operation is needed)
 	 */
 
 	hmac_data = kmalloc(/* output length */ 2 +
-			    /* label */ 1 + label_len +
+			    /* label */ 1 + sizeof(label) +
 			    /* context (max) */ 1 + 3 + 1 + strlen(psk_digest) +
 			    /* counter */ 1,
 			    GFP_KERNEL);
 	if (!hmac_data) {
 		ret = -ENOMEM;
@@ -741,14 +740,14 @@ int nvme_auth_derive_tls_psk(int hmac_id, const u8 *psk, size_t psk_len,
 	i = 0;
 	hmac_data[i++] = hash_len >> 8;
 	hmac_data[i++] = hash_len;
 
 	/* label */
-	static_assert(label_len <= 255);
-	hmac_data[i] = label_len;
-	memcpy(&hmac_data[i + 1], label, label_len);
-	i += 1 + label_len;
+	static_assert(sizeof(label) <= 255);
+	hmac_data[i] = sizeof(label);
+	memcpy(&hmac_data[i + 1], label, sizeof(label));
+	i += 1 + sizeof(label);
 
 	/* context */
 	ctx_len = sprintf(&hmac_data[i + 1], "%02d %s", hmac_id, psk_digest);
 	if (ctx_len > 255) {
 		ret = -EINVAL;

base-commit: a142da0b2d32b68a6d1b183343bbe43de8c222f9
-- 
2.54.0

Re: [PATCH] nvme-auth: Avoid C=1 warning in nvme_auth_derive_tls_psk()

[John Garry]

On 25/06/2026 18:59, Eric Biggers wrote:
> The following works fine with gcc and clang, but sparse warns about
> label_len not being an actual constant expression:
> 
>      const size_t label_len = sizeof(label) - 1;
>      ...
>      static_assert(label_len <= 255);
> 
> Avoid this by giving label an explicit length and using sizeof(label)
> instead of label_len.
> 
> Reported-by: John Garry<john.g.garry@oracle.com>
> Closes:https://urldefense.com/v3/__https://lore.kernel.org/linux-nvme/965a37dd- 
> f698-46b6-9623-1099a13f7e60@oracle.com__;!!ACWV5N9M2RV99hQ! 
> J8XE1bwk2YdSyC1OFLwKfqW-6sr8q1CbdbAt7eLiiK3apCc8fUART- 
> Ty_XUdFhzZih5QzMnkLbrQTNUK3TBi$ 
> Fixes: d126cbaa7d9a ("nvme-auth: common: use crypto library in nvme_auth_derive_tls_psk()")
> Signed-off-by: Eric Biggers<ebiggers@kernel.org>

cheers

Reviewed-by: John Garry <john.g.garry@oracle.com>